Daily Times

A breach in Twitter´s security that allowed hackers to break into the accounts of leaders and technology moguls is one of the worst attacks in recent years and may shake trust in a platform politicians and CEOs use to communicate with the public, experts said Thursday.

The FBI said Thursday it is investigating the hacks, and said the high-profile accounts “appear to have been compromised in order to perpetuate cryptocurrency fraud.”

The ruse discovered Wednesday included bogus tweets from former President Barack Obama, Democratic presidential front-runner Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.

Twitter said the hackers used “social engineering” to target some of the company’s employees and then gained access to the accounts. The term refers to taking advantage of human nature via phishing attacks, tricking people into downloading malicious software or compromising them by offering something in return for information. Twitter did not say how its employees were compromised.

The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

Cybersecurity experts say such a breach could have dire consequences since the attackers were tweeting from verified, globally influential accounts with millions of followers.

“If you receive a tweet from a verified account, belonging to a well-known and therefore trusted person, you can no longer assume it´s really from them,” said Michael Gazeley, managing director of cybersecurity firm Network Box.

Reacting to the breach, Twitter swiftly deleted the tweets and locked down the accounts to investigate. In the process it prevented verified users from sending out tweets for several hours.

The company said Thursday it has taken “significant steps to limit access to internal systems and tools.” User passwords did not appear to have been compromised, Twitter said, so it’s not necessary for users to reset them.

Many celebrities, politicians and business leaders often use Twitter as a public platform to make statements. US President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical matters, and his account is closely followed by media, analysts and governments around the world. The White House said Thursday his account was secure and wasn’t jeopardized by the hacks. Twitter faces an uphill battle in regaining people´s confidence, Gazeley said. For a start, it needs to figure out exactly which accounts were hacked and show the vulnerabilities have been fixed, he said.

“If key employees at Twitter were tricked, that´s actually a serious cybersecurity problem in itself,” he said. “How can one of the world´s most used social media platforms have such weak security, from a human perspective?”

Rachel Tobac, CEO of Socialproof Security, said that the breach appeared to be largely financially motivated. But such an attack could cause more serious consequences. “Can you imagine if they had taken over a world leader´s account, and tweeted out a threat of violence to another country´s leader?” asked Tobac, a social engineering hacker who specializes in providing training for companies to protect themselves from such breaches.